Class
Database
Database
Description
The Database class is the base class for the Database subclasses that communicate with a variety of databases. Use one of the subclasses to connect to your Database.
Properties
Name |
Type |
Read-Only |
Shared |
|---|---|---|---|
Methods
Name |
Parameters |
Returns |
Shared |
|---|---|---|---|
tableName As String, row As DatabaseRow |
|||
tableName As String, row As DatabaseRow, idColumnName As String = "" |
|||
command As String, ParamArray values() As Variant |
|||
statement As String |
|||
query As String, ParamArray values() As Variant |
|||
tableName As String |
|||
tableName As String |
|||
Property descriptions
Database.DatabaseName
DatabaseName As String
The name of the Database to open.
The DatabaseName is typically used with server databases (such as MySQL or PostgreSQL) to identify the specific Database to use on the server.
This code connects to a PostgreSQL Database called "BaseballLeague":
Var db As New PostgreSQLDatabase db.Host = "192.168.1.172" db.Port = 5432 db.DatabaseName = "BaseballLeague" db.UserName = "broberts" db.Password = "streborb" Try db.Connect ' Use the database Catch error As DatabaseException ' DB Connection error MessageBox(error.Message) End Try
Database.Host
Host As String
The Database host name or IP address of the Database server.
This examples connects to a PostgreSQL Database called "BaseballLeague":
Var db As New PostgreSQLDatabase db.Host = "192.168.1.172" db.Port = 5432 db.DatabaseName = "BaseballLeague" db.UserName = "broberts" db.Password = "streborb" Try db.Connect ' Use the database Catch error As DatabaseException ' DB Connection error MessageBox(error.Message) End Try
Database.Password
Password As String
The password that is required for access to the Database. Typically used in conjunction with UserName.
This examples connects to a PostgreSQL Database called "BaseballLeague":
Var db As New PostgreSQLDatabase db.Host = "192.168.1.172" db.Port = 5432 db.DatabaseName = "BaseballLeague" db.UserName = "broberts" db.Password = "streborb" Try db.Connect ' Use the database Catch error As DatabaseException ' DB Connection error MessageBox(error.Message) End Try
Database.UserName
UserName As String
The username that is required for access to the Database.
This code connects to a PostgreSQL Database called "BaseballLeague":
Var db As New PostgreSQLDatabase db.Host = "192.168.1.172" db.Port = 5432 db.DatabaseName = "BaseballLeague" db.UserName = "broberts" db.Password = "streborb" Try db.Connect ' Use the database Catch error As DatabaseException ' DB Connection error MessageBox(error.Message) End Try
Method descriptions
Database.AddRow
AddRow(tableName As String, row As DatabaseRow)
Inserts row as a new row in tableName.
AddRow(tableName As String, row As DatabaseRow, idColumnName As String = "") As Integer
Inserts row as a new row in tableName returning the newly assigned ID in the idColumnName column.
Always look for a DatabaseException to verify whether or not the data was added.
This code adds a row to an existing Team table with the columns "Name", "Coach" and "City". It's assumed that the variable db contains an active Database connection:
Var row As New DatabaseRow ' ID will be updated automatically row.Column("Name") = "Penguins" row.Column("Coach") = "Bob Roberts" row.Column("City") = "Boston" Try db.AddRow("Team", row) Catch error As DatabaseException MessageBox("DB Error: " + error.Message) End Try
Database.BeginTransaction
BeginTransaction
Creates a new transaction. Changes to the Database made after this call can be saved with CommitTransaction or undone with RollbackTransaction.
A DatabaseException will be raised if the transaction could not begin or another transaction is already in progress.
You typically want to Commit changes after ensuring there were no Database errors:
' Prior DB code has run Try DB.BeginTransaction DB.ExecuteSQL("CREATE TABLE AddressBook name VARCHAR, email VARCHAR") DB.CommitTransaction Catch error As DatabaseException MessageBox("Error: " + error.Message) DB.RollbackTransaction End Try
Database.Close
Close
Closes or disconnects the Database.
Calling Close does not issue a Commit, but some databases will automatically Commit changes in a transaction when you Close the connection and some Database will automatically Rollback changes in a transaction when the connection is closed. Refer to the documentation for your Database to check what its behavior is.
For desktop apps, you will often Connect to the Database when the app starts and Close it when the app quits.
For web apps, you usually Connect to the Database when the Session starts and Close it when the Session quits.
This code in the App.Closing event handler closes a previously connected Database:
DB.Close ' DB is a property on App
Database.CommitTransaction
CommitTransaction
Commits an open transaction. This permanently saves changes to the Database.
A DatabaseException will be raised if the transaction could not be committed.
You have to have an open transaction to be able to use CommitTransation. Use BeginTransaction to begin a transaction:
DB.BeginTransactionYou typically want to commit changes after ensuring there were no Database errors:
' Prior DB code has run Try DB.CommitTransaction Catch error As DatabaseException MessageBox("Error: " + error.Message) DB.RollbackTransaction End Try
Database.Connect
Connect
Connects to the Database so that you can begin using it.
Warning
A DatabaseException will be raised if the connection could not be made.
This example connects to the Database object in the variable db:
Try db.Connect MessageBox("Connected!") Catch error As DatabaseException MessageBox("Error connecting to the database: " + error.Message) End Try
Database.ExecuteSQL
ExecuteSQL(command As String, ParamArray values() As Variant)
Used to execute an SQL command. Use this for commands that do not return any data, such as
CREATE TABLEorINSERT. The command parameter contains the SQL statement.Tip
You can also pass an array of values as the first and only parameter instead of a ParamArray.
Passing values as parameters protects your database by automatically creating a PreparedSQLStatement.
In this example, the Database is being updated without the use of parameters and thus leaves the Database vulnerable to a SQL injection attack:
' Updates a table in a SQLite database (db) Var sql As String sql = "UPDATE Customer SET City='" + CityField.Text + "' WHERE PostalCode='" + PostalCodeField.Text + "'" Try db.ExecuteSQL(sql) Catch error As DatabaseException MessageBox("DB Error: " + error.Message) End TryHere's the same example but using parameters which protects you against a SQL injection attack:
' Updates a table in a SQLite database (db) Var sql As String sql = "UPDATE Customer SET City=? WHERE PostalCode=?" Try db.ExecuteSQL(sql, CityField.Text, PostalCode.Text) Catch error As DatabaseException MessageBox("DB Error: " + error.Message) End TryThe parameter values can also be passed in as a variant array:
Var sql As String sql = "UPDATE Customer SET City=? WHERE PostalCode=?" Var values(1) As Variant values(0) = CityField.Text values(1) = PostalCode.Text Try db.ExecuteSQL(sql, values) Catch error As DatabaseException MessageBox("DB Error: " + error.Message) End TryThis code creates the Team table:
' db is a SQLite database Var sql As String sql = "CREATE TABLE Team (ID INTEGER NOT NULL, Name TEXT, Coach TEXT, City TEXT, PRIMARY KEY(ID));" Try db.ExecuteSQL(sql) MessageBox("Team table created successfully.") Catch error As DatabaseException MessageBox("DB Error: " + error.Message) End Try
Database.Prepare
Prepare(statement As String) As PreparedSQLStatement
Creates a PreparedSQLStatement using the SQL statement for use with the various Database prepared statement classes. A prepared statement is an SQL statement with parameters that has been pre-processed by the Database so that it can be executed more quickly if it is re-used with different parameters. Prepared statements also mitigate the risk of SQL injection in web apps.
To create a prepared statement, you assign the value of Prepare to appropriate class for the Database you are using.
Refer to the specific PreparedStatement class for the Database you are using to learn how to specify and bind parameters:
If the provided SQL statement has an error, a DatabaseException will occur when you call SelectSQL or ExecuteSQL.
SQL Injection is a way to attack Database-driven applications.
Important
This method is not currently supported for Android.
Database.SelectSQL and Database.ExecuteSQL both support prepared statements without the need to use any of the prepared statement classes. These cover most cases.
To create a prepared statement, you use the appropriate class for the Database you are using. For example, to create a prepared statement for PostgreSQL:
' db is a previously connected PostgreSQLDatabase object Var ps As PostgreSQLPreparedStatement ps = db.Prepare("SELECT * FROM Country WHERE code = $1")
Database.RollbackTransaction
RollbackTransaction
Cancels an open transaction restoring the Database to the state it was in before the transaction began.
A DatabaseException will be raised if the rollback could not be completed.
You will generally want to rollback Database changes if a DatabaseException occurs within the transaction.
Important
While rolling back a transaction restores the database to its previous state, it has no impact on the data you access in a RowSet. To update the RowSet so that its data matches the database, you will need to re-query the database to recreate the RowSet.
You have to have an open transaction to be able to use Rollback. Call BeginTransaction to begin a transaction:
DB.BeginTransactionThis code uses rollback to revert Database changes in a transaction when an error occurs:
' Prior DB code has run Try db.CommitTransaction Catch error As DatabaseException MessageBox("Error: " + error.Message) db.RollbackTransaction End If
Database.SelectSQL
SelectSQL(query As String, ParamArray values() As Variant) As RowSet
Executes a SQL SELECT statement and returns the results in a RowSet. query contains the SQL statement.
Tip
You can also pass an array of values as the first and only parameter instead of a ParamArray.
Warning
A DatabaseException will be raised if the SQL passed is invalid or if an error occurs.
Typically only SQL
SELECTstatements return a RowSet, but some databases return a RowSet for SQL commands such asINSERT,UPDATEor stored procedures.Warning
While you can pass an entire valid SQL statement to SelectSQL with all values included, doing so can leave your database open to a SQL injection attack.
Passing values as parameters protects your database by automatically creating a PreparedSQLStatement.
To avoid SQL injection attacks, use parameters in your SQL statement and then pass the values in as an array or parameter array. See the examples below.
Database
Parameter Format
?
?
$1, $2, etc.
? (also ?NNN, :VVV, @VVV, $VVV - see docs)
This sample adds the names of all customers in a particular postal code to a ListBox. It passes the entire SQL select as a single statement and appends the value from a TextField called PostalCode, leaving the Database vulnerable to an SQL injection attack:
' db is a valid connection to a SQLite database Var rowsFound As RowSet Try rowsFound = db.SelectSQL("SELECT * FROM Customer WHERE PostalCode=" + PostalCode.Text) For Each row As DatabaseRow In rowsFound ListBox1.AddRow(row.Column("Name").StringValue) Next rowsFound.Close Catch error As DatabaseException MessageBox("Error: " + error.Message) End TryThis is the same code as above but instead it uses a value identifier (?) and then passes the value in separately to avoid a SQL injection attack:
' db is a valid connection to a SQLite database Var rowsFound As RowSet Try rowsFound = db.SelectSQL("SELECT * FROM Customer WHERE PostalCode=?", PostalCode.Text) For Each row As DatabaseRow In rowsFound ListBox1.AddRow(row.Column("Name").StringValue) Next rowsFound.Close Catch error As DatabaseException MessageBox("Error: " + error.Message) End TryMultiple values can be passed to SelectSQL. In this example, Age and PostalCode are both DesktopTextField controls:
' db is a valid connection to a SQLite database Var rowsFound As RowSet Try rowsFound = db.SelectSQL("SELECT * FROM Customer WHERE Age=? AND PostalCode=?", Age.Value, PostalCode.Text) For Each row As DatabaseRow In rowsFound ListBox1.AddRow(row.Column("Name").StringValue) Next rowsFound.Close Catch error As DatabaseException MessageBox("Error: " + error.Message) End Try
Database.TableColumns
TableColumns(tableName As String) As RowSet
Returns a RowSet with information about all the columns (fields) in the specified tableName.
Note
If an error occurs, a DatabaseException will be raised.
TableColumns returns a RowSet with these columns:
ColumnName: A string that is the name of the column.
FieldType: An integer that describes the type of the column (refer to the table below).
IsPrimary: A boolean that indicates if the column is part of the primary key.
NotNull: A boolean that indicates if the column can be set to NULL.
Length: An integer that describes the length of the field (for some text fields), the precision of numeric data (for some numeric fields) or the default value for a field (for SQLite columns).
cid: (SQLite Only) The ID of the column.
ODBC Databases may return different columns depending upon the database to which you are connecting.
This table identifies the Column Type based on the FieldType Integer:
Field Type
Value
Description
Null
0
Denotes the absence of any value, i.e., a missing value.
Byte
1
Stores the byte representation of a character string.
SmallInt
2
A numeric data type with no fractional part. The maximum number of digits is implementation-specific, but is usually less than or equal to INTEGER. SQLite supports 4-byte smallints. If you are using another data source, check the documentation of your data source.
Integer
3
A numeric data type with no fractional part. The maximum number of digits is implementation-specific. SQLite supports 8-byte integer columns and the FieldType evaluates to 19 (64-bit integer).
Char
4
Stores alphabetic data, in which you specify the maximum number of characters for the field, i.e., CHAR (20) for a 20 character field. If a record contains fewer than the maximum number of characters for the field, the remaining characters will be padded with blanks.
Text or VarChar
5
Stores alphabetic data, in which the number of characters vary from record to record, but you don't want to pad the unused characters with blanks. For example, VARCHAR (20) specifies a VARCHAR field with a maximum length of 20 characters.
Float
6
Stores floating-point numeric values with a precision that you specify, i.e., FLOAT (5).
Double
7
Stores double-precision floating-point numbers.
Date
8
Stores year, month, and day values of a date in the format YYYY-MM-DD. The year value is four digits; the month and day values are two digits.
Time
9
Stores hour, minute, and second values of a time in the format HH:MM:SS. The hours and minutes are two digits. The seconds values is also two digits, may include a optional fractional part, e.g., 09:55:25.248. The default length of the fractional part is zero.
TimeStamp
10
Stores both date and time information in the format YYYY-MM-DD HH:MM:SS. The lengths of the components of a TimeStamp are the same as for Time and Date, except that the default length of the fractional part of the time component is six digits rather than zero. If a TimeStamp values has no fractional component, then its length is 19 digits If it has a fractional component, its length is 20 digits, plus the length of the fractional component.
Currency
11
This is a 64-bit fixed-point number format that holds 15 digits to the left of the decimal point and 4 digits to the right.
Boolean
12
Stores the values of TRUE or FALSE.
Decimal
13
Stores a numeric value that can have both an integral and fractional part. You specify the total number of digits and the number of digits to the right of the decimal place, i.e., DECIMAL (5.2) specifies a decimal field that can contain values up to 999.99. DECIMAL (5) specifies a field that can contain values up to 99,999.
Binary
14
Stores code, images, and hexadecimal data. Consult the documentation of your data source for information on the maximum size of a Binary field.
Long Text (Blob)
15
Stores a text object. Consult the documentation of your data source for information on the maximum size of a Blob.
Long VarBinary (Blob)
16
Stores a binary object. SQLite supports blobs of up to any size. Furthermore, a blob can be stored in a column of any declared data affinity. If you are using another data source, check the documentation of your data source.
MacPICT
17
Stores a Macintosh PICT image. SQLite does not support this data type. Use a Blob to store images.
String
18
Text up to about 2 billion bytes. The same as VarChar.
Int64
19
Stores a 64-bit integer. Integer fields in SQLite are 64 bits and FieldType returns 19.
Unknown
255
Unrecognized data type.
Note
Depending upon the version you are using, only a subset of these types may be supported.
The following code creates a table and then display each column name one at a time:
Var db As SQLiteDatabase Var dbFile As FolderItem dbFile = New FolderItem("mydb.sqlite") If dbFile.Exists Then dbFile.Remove End If db = New SQLiteDatabase db.DatabaseFile = dbFile Try db.CreateDatabase db.ExecuteSQL("CREATE TABLE Invoices (ID INTEGER, CustID INTEGER, Amount Double, Note TEXT)") Var columns As RowSet = db.TableColumns("Invoices") For Each c As DatabaseRow In columns MessageBox("Column: " + c.Column("ColumnName").StringValue) Next Catch error As IOException MessageBox("The database could not be created: " + error.Message) Catch error As DatabaseException MessageBox("Database error: " + error.Message) End Try
Database.TableIndexes
TableIndexes(tableName As String) As RowSet
Returns a RowSet containing the list of indexes for the passed tableName. Returns Nil if the table has no indexes or the Database source does not support indexes.
A DatabaseException will be raised if an error occurs.
The RowSet returns one row for each index on the table and it has one field: IndexName As String.
This code displays the indexes for the "Invoices" table (if it exists) in the specified SQLite Database:
Var dbFile As FolderItem dbFile = FolderItem.ShowOpenFileDialog("") If dbFile <> Nil Then Var db As New SQLiteDatabase Try db.Connect Var indexRS As RowSet indexRS = db.TableIndexes("Invoices") ' A table with indexes in the SQLite DB For Each row As DatabaseRow In indexRS MessageBox("Index: " + row.ColumnAt(0).StringValue) Next indexRS.Close Catch error As NilObjectException MessageBox("This database has no indexes.") Catch error As DatabaseException MessageBox("Could not connect to database. Error: " + error.Message) End Try End If
Database.Tables
Tables As RowSet
Returns a RowSet with a list of all tables in the Database.
A DatabaseException will be raised if an error occurs.
Tables returns a RowSet with one field: TableName As String.
The following code gets and displays the table names for the connected Database:
' App.db is a connected database Var tables As RowSet tables = App.db.Tables Try For Each row As DatabaseRow In tables MessageBox(row.ColumnAt(0).StringValue) Next tables.Close Catch error As NilObjectException MessageBox("This database has no tables.") End Try
Notes
Database classes
The following subclasses of Database are included. Everything other than SQLiteDatabase requires that you copy the appropriate plugin to your Plugins folder.
Class |
Description |
|---|---|
Supports the MySQL Community edition server. Use MySQLCommunityPlugin.xojo_plugin. |
|
Supports ODBC-based databases. Use ODBCPlugin.xojo_plugin. |
|
Supports PostgreSQL. Use PostgreSQLPlugin.xojo_plugin. |
|
Supports the built-in SQLite data source. |
3rd party database plugins
The following Database plugins are also available. Contact the vendor for more information on how to use them.
Class |
Description |
|---|---|
Adds support for cubeSQL Server, a database server built on SQLite. |
|
Adds support for the FrontBase database. |
|
Adds support for the Valentina stand-alone and server databases. |
|
Adds support for the various server databases including CubeSQL, Centura SQLBase, DB2, Firebird, Informix, InterBase, MariaDB, Microsoft Access, Microsoft SQL Server, MySQL, ODBC, Oracle Database Server, PostgreSQL, SQL Anywhere, SQLite, SQLCipher and Sybase. |
|
Sample code
The following code creates a SQLite Database and uses ExecuteSQL to create a table.
Var dbFile As New FolderItem("MyDB.sqlite")
Var db As SQLiteDatabase
db = New SQLiteDatabase
db.DatabaseFile = dbFile
Try
db.CreateDatabase
Var sql As String
sql = "CREATE TABLE Team (ID INTEGER NOT NULL, Name TEXT, Coach TEXT, City TEXT, PRIMARY KEY(ID));"
db.ExecuteSQL(sql)
Catch error As DatabaseException
MessageBox("Database error: " + error.Message)
End Try
The following example inserts a row in this table:
Var row As New DatabaseRow
' ID will be updated automatically
row.Column("Name") = "Penguins"
row.Column("Coach") = "Bob Roberts"
row.Column("City") = "Boston"
Try
db.AddRow("Team", row)
Catch error As DatabaseException
MessageBox("DB Error: " + error.Message)
End Try
This code gets the data from the Team table and displays it:
Var sql As String
sql = "SELECT * FROM Team ORDER BY Name"
Var rows As RowSet
rows = db.SelectSQL(sql)
If rows <> Nil Then
For each row As DatabaseRow In rows
MessageBox(row.Column("Name").StringValue + " " + row.Column("City").StringValue)
Next
rows.Close
End If
Compatibility
Project Types |
All |
Operating Systems |
All |
See also
Object parent class; DatabaseColumn, DatabaseException, DatabaseRow. MySQLCommunityServer, ODBCDatabase, PostgreSQLDatabase, PreparedSQLStatement, RowSet, SQLiteDatabase classes.